Collaborate Disseminate
I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from xkcd.
According to xkcd (https://xkcd.co… Continue reading Why do entropies of passwords significantly differ from site to site?
Let’s assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets following conditions.
Word conditions:
The first word is not a valid word and can’t be found in any dictionary. It’s twice the lengt… Continue reading How to analyze the security of a custom passphrase?
Many online entropy calculators make certain assumptions (like assuming a password is as rare as the set of random characters that will generate it), or handwave away the math. I want to know how to calculate the entropy of a password dist… Continue reading How can you calculate the entropy of arbitrary password rules with known distributions? [duplicate]
I am writing a 4000-word essay on the topic "To what extent does password length and variation of characters affect the entropy of a password?".
Are there any topics or ideas I could explore within my essay title?
Continue reading Topics to explore in password entropy? [closed]
Okay, I know it might seem this has already been beaten to death but, hear me out. I am including a fairly good password strength algorithm for my app for users on sign-up. This one, which I’ve copied (with minor adjustments). I also want … Continue reading What is the best way to calculate true password entropy for human created passwords?
Is there any data on the patterns that show up in human-generated, low-entropy hexadecimal keys? To be clear not speculation, data.
As schroeder helpfully points out "there are numerous papers over many decades explaining that. For in… Continue reading Patterns in Human-Generated Hexadecimal Keys [closed]
Some time ago I read an article that mentioned that it is possible for some ransomware to change the magic numbers of a file (that makes sense). However, the authors claimed that their method was better, because they calculated the entropy… Continue reading Why does some Ransomware encrypt also the file header and trailer?
If you use Shannon’s entropy as an indicator to distinguish between encrypted and legitimate files, then it will be difficult to make a distinction between encrypted and compressed files, as both have a relatively high entropy value.
How i… Continue reading Why does ransomware also encrypt the file signature? [closed]
I am setting up a postgres db that will never be used by humans. In fact, I really don’t need to know it myself ever. I assumed that just using a 256bit(64 alphanumeric chars) hash of a unix timestamp IE:
date +%s%3N | sha256sum
A very im… Continue reading Is a sha256 hash of a unix timestamp a strong password
How does the HAVEGE method (or rather, the specific adaption of it as used in haveged) for generating randomness from timing differ from that of the Jitter Entropy method? Is there any research showing any major difference between their a… Continue reading Comparing HAVEGE and Jitter Entropy algorithms